nexpose 0.5.6 → 0.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 7b56d37b2c28a9991180bd467564fa176f11340e
-  data.tar.gz: 4a516a58e4cbc19089c6698800c4977a074587b3
+  metadata.gz: 7ce180b54366855f5d0511fd50185567a5734605
+  data.tar.gz: 5650f50453a932f98e3a722ddf655c0635b80938
 SHA512:
-  metadata.gz: 2bf8f21fcca017217e0fc35829094b2c69fa391997410954eb74588c7a88985572b56b4021945be7a1362867bed4c576b9201b1b58c538b5584d8792e04acf42
-  data.tar.gz: 1de4729765864597e9ca6ac3ee4fa3baa248dfd7671753f8a0536da56a1592ef2c86962cc20c4f36f35b252b8407d2538459ba27c720ba46aa1d956cc8de8fba
+  metadata.gz: e1c3417f80843242824f7c2f606f5087385fcfe027a31fff2c3837c7978c70b8ad1ba4e4ee4d6a1e48befa4e4fe985aa74eee75253dc093705c0a6c77439ff3b
+  data.tar.gz: 757e37366791babc0b690b94807dca9356bc38612b1f8333f2892070d7e9b774de6858d1abc6124bf036fc8bef94dbf126e1d065ee3b0e95f367d9cca702442f

data/lib/nexpose/data_table.rb

@@ -99,23 +99,6 @@ module Nexpose
       record
     end
 
-    # Clean up the 'type-safe' IDs returned by many table requests.
-    # This is a destructive operation, changing the values in the underlying
-    # hash.
-    #
-    # @param [Array[Hash]] arr Array of hashes representing a data table.
-    # @param [String] id Key value of a type-safe ID to clean up.
-    #
-    # Example usage:
-    #   # For data like: {"assetID"=>{"ID"=>2818}, "assetIP"=>"10.4.16.1", ...}
-    #   _clean_data_table!(data, 'assetID')
-    #
-    def _clean_data_table!(arr, id)
-      arr.reduce([]) do |acc, hash|
-        acc << _clean_id!(hash, id)
-      end
-    end
-
     # Convert a type-safe ID into a regular ID inside a hash.
     #
     # @param [Hash] hash Hash map containing a type-safe ID as one key.

data/lib/nexpose/engine.rb

@@ -150,11 +150,13 @@ module Nexpose
       sites << SiteSummary.new(site_id, nil)
     end
 
+    include Sanitize
+
     def to_xml
       xml = '<EngineConfig'
       xml << %( id="#{id}")
       xml << %( address="#{address}")
-      xml << %( name="#{name}")
+      xml << %( name="#{replace_entities(name)}")
       xml << %( port="#{port}")
       xml << %( scope="#{scope}") if scope
       xml << %( priority="#{priority}") if priority

data/lib/nexpose/group.rb

@@ -14,6 +14,8 @@ module Nexpose
       r.success
     end
 
+    alias_method :delete_group, :delete_asset_group
+
     # Retrieve an array of all asset groups the user is authorized to view or
     # manage.
     #

data/lib/nexpose/report.rb

@@ -204,18 +204,17 @@ module Nexpose
     end
 
     def to_xml
-      xml = %(<AdhocReportConfig format='#{@format}' template-id='#{@template_id}')
-      xml << %( owner='#{@owner}') if @owner
-      xml << %( timezone='#{@time_zone}') if @time_zone
-      xml << %( language='#{@language}') if @language
+      xml = %(<AdhocReportConfig format="#{@format}" template-id="#{@template_id}")
+      xml << %( owner="#{@owner}") if @owner
+      xml << %( timezone="#{@time_zone}") if @time_zone
+      xml << %( language="#{@language}") if @language
       xml << '>'
 
       xml << '<Filters>'
       @filters.each { |filter| xml << filter.to_xml }
       xml << '</Filters>'
 
-      xml << %(<Baseline compareTo='#{@baseline}' />) if @baseline
-
+      xml << %(<Baseline compareTo="#{@baseline}"/>) if @baseline
       xml << '</AdhocReportConfig>'
     end
 
@@ -231,7 +230,7 @@ module Nexpose
     # @return Report in text format except for PDF, which returns binary data.
     #
     def generate(connection, timeout = 300)
-      xml = %(<ReportAdhocGenerateRequest session-id='#{connection.session_id}'>)
+      xml = %(<ReportAdhocGenerateRequest session-id="#{connection.session_id}">)
       xml << to_xml
       xml << '</ReportAdhocGenerateRequest>'
       response = connection.execute(xml, '1.1', timeout: timeout)
@@ -317,7 +316,7 @@ module Nexpose
 
     # Save the configuration of this report definition.
     def save(connection, generate_now = false)
-      xml = %(<ReportSaveRequest session-id='#{connection.session_id}' generate-now='#{generate_now ? 1 : 0}'>)
+      xml = %(<ReportSaveRequest session-id="#{connection.session_id}" generate-now="#{generate_now ? 1 : 0}">)
       xml << to_xml
       xml << '</ReportSaveRequest>'
       response = connection.execute(xml)
@@ -341,10 +340,10 @@ module Nexpose
     include Sanitize
 
     def to_xml
-      xml = %(<ReportConfig format='#{@format}' id='#{@id}' name='#{replace_entities(@name)}' template-id='#{@template_id}')
-      xml << %( owner='#{@owner}') if @owner
-      xml << %( timezone='#{@time_zone}') if @time_zone
-      xml << %( language='#{@language}') if @language
+      xml = %(<ReportConfig format="#{@format}" id="#{@id}" name="#{replace_entities(@name)}" template-id="#{@template_id}")
+      xml << %( owner="#{@owner}") if @owner
+      xml << %( timezone="#{@time_zone}") if @time_zone
+      xml << %( language="#{@language}") if @language
       xml << '>'
       xml << %(<description>#{@description}</description>) if @description
 
@@ -353,10 +352,10 @@ module Nexpose
       xml << '</Filters>'
 
       xml << '<Users>'
-      @users.each { |user| xml << %(<user id='#{user}' />) }
+      @users.each { |user| xml << %(<user id="#{user}"/>) }
       xml << '</Users>'
 
-      xml << %(<Baseline compareTo='#{@baseline}' />) if @baseline
+      xml << %(<Baseline compareTo="#{@baseline}"/>) if @baseline
       xml << @frequency.to_xml if @frequency
       xml << @delivery.to_xml if @delivery
       xml << @db_export.to_xml if @db_export
@@ -427,7 +426,14 @@ module Nexpose
     end
 
     def to_xml
-      %(<filter id='#{replace_entities(@id)}' type='#{@type}' />)
+      %(<filter id="#{replace_entities(@id)}" type="#{@type}" />)
+    end
+
+    def ==(object)
+      object.equal?(self) ||
+      (object.instance_of?(self.class) &&
+       object.type == @type &&
+       object.id == @id)
     end
 
     def self.parse(xml)
@@ -458,7 +464,7 @@ module Nexpose
     end
 
     def to_xml
-      xml = %(<Generate after-scan='#{@after_scan ? 1 : 0}' schedule='#{@scheduled ? 1 : 0}'>)
+      xml = %(<Generate after-scan="#{@after_scan ? 1 : 0}" schedule="#{@scheduled ? 1 : 0}">)
       xml << @schedule.to_xml if @schedule
       xml << '</Generate>'
     end
@@ -500,7 +506,7 @@ module Nexpose
 
     def to_xml
       xml = '<Delivery>'
-      xml << %(<Storage storeOnServer='#{@store_on_server ? 1 : 0}'>)
+      xml << %(<Storage storeOnServer="#{@store_on_server ? 1 : 0}">)
       xml << %(<location>#{@location}</location>) if @location
       xml << '</Storage>'
       xml << @email.to_xml if @email
@@ -543,10 +549,10 @@ module Nexpose
     end
 
     def to_xml
-      xml = %(<DBExport type='#{@type}'>)
+      xml = %(<DBExport type="#{@type}">)
       xml << @credentials.to_xml if @credentials
       @parameters.each_pair do |name, value|
-        xml << %(<param name='#{name}'>#{value}</param>)
+        xml << %(<param name="#{name}">#{value}</param>)
       end
       xml << '</DBExport>'
     end
@@ -585,9 +591,9 @@ module Nexpose
 
     def to_xml
       xml = '<credentials'
-      xml << %( userid='#{@user_id}') if @user_id
-      xml << %( password='#{@password}') if @password
-      xml << %( realm='#{@realm}') if @realm
+      xml << %( userid="#{@user_id}") if @user_id
+      xml << %( password="#{@password}") if @password
+      xml << %( realm="#{@realm}") if @realm
       xml << '>'
       xml << @credential if @credential
       xml << '</credentials>'

data/lib/nexpose/scan_template.rb

@@ -7,8 +7,8 @@ module Nexpose
     # @return [Array[String]] list of scan templates IDs.
     #
     def list_scan_templates
-      templates = JSON.parse(AJAX.get(self, '/data/scan/templates'))
-      templates['valueList']
+      templates = JSON.parse(AJAX.get(self, '/api/2.0/scan_templates'))
+      templates['resources'].map { |t| ScanTemplateSummary.new(t) }
     end
 
     alias_method :scan_templates, :list_scan_templates
@@ -23,6 +23,18 @@ module Nexpose
     end
   end
 
+  # Scan Template summary information. Used when retrieving basic information about
+  # all scan templates.
+  #
+  class ScanTemplateSummary
+    attr_reader :name, :id
+
+    def initialize(json)
+      @name = json['name']
+      @id = json['id']
+    end
+  end
+
   # Configuration object for a scan template.
   #
   # The constructor is designed to take a valid XML representation of a scan

data/lib/nexpose/site.rb

@@ -113,6 +113,9 @@ module Nexpose
     # @see SyslogAlert
     attr_accessor :alerts
 
+    # [Array] List of user IDs for users who have access to the site.
+    attr_accessor :users
+
     # Configuration version. Default: 3
     attr_accessor :config_version
 
@@ -138,6 +141,7 @@ module Nexpose
       @credentials = []
       @alerts = []
       @exclude = []
+      @users = []
     end
 
     # Returns true when the site is dynamic.
@@ -258,6 +262,12 @@ module Nexpose
     def to_xml
       xml = %(<Site id='#{id}' name='#{replace_entities(name)}' description='#{description}' riskfactor='#{risk_factor}'>)
 
+      unless @users.empty?
+        xml << '<Users>'
+        @users.each { |user| xml << "<user id='#{user}'/>" }
+        xml << '</Users>'
+      end
+
       xml << '<Hosts>'
       xml << assets.reduce('') { |a, e| a << e.to_xml }
       xml << '</Hosts>'
@@ -309,6 +319,10 @@ module Nexpose
         site.risk_factor = s.attributes['riskfactor'] || 1.0
         site.is_dynamic = true if s.attributes['isDynamic'] == '1'
 
+        s.elements.each('Users/user') do |user|
+          site.users << user.attributes['id'].to_i
+        end
+
         s.elements.each('Hosts/range') do |r|
           site.assets << IPRange.new(r.attributes['from'], r.attributes['to'])
         end

data/lib/nexpose/tags

@@ -161,7 +161,6 @@ VulnerabilityExposure	filter.rb	/^      module VulnerabilityExposure$/;"	m	class
 VulnerabilitySummary	vuln.rb	/^  class VulnerabilitySummary < Vulnerability$/;"	c	class:Nexpose
 XMLUtils	util.rb	/^  module XMLUtils$/;"	m	class:Nexpose
 _append_asset!	scan.rb	/^    def _append_asset!(xml, asset)$/;"	f	class:Nexpose.Connection
-_clean_data_table!	data_table.rb	/^    def _clean_data_table!(arr, id)$/;"	f	class:Nexpose.DataTable
 _clean_id!	data_table.rb	/^    def _clean_id!(hash, id)$/;"	f	class:Nexpose.DataTable
 _disable_check	scan_template.rb	/^    def _disable_check(check, elem)$/;"	f	class:Nexpose.ScanTemplate
 _dyn_headers	data_table.rb	/^    def _dyn_headers(response)$/;"	f	class:Nexpose.DataTable

data/lib/nexpose/vuln.rb

@@ -246,8 +246,10 @@ module Nexpose
   #
   class VulnFinding
 
-    # Unique, console-specific identifier of the vulnerability.
+    # Unique identifier of the vulnerability.
     attr_reader :id
+    # Unique, console-specific identifier of the vulnerability.
+    attr_reader :console_id
     # Vulnerability title.
     attr_reader :title
     attr_reader :cvss_score
@@ -262,9 +264,12 @@ module Nexpose
     attr_reader :exploit
     # Whether known malware kits exploit this vulnerability.
     attr_reader :malware
+    # Date that a vuln was verified, if validation has been carried out.
+    attr_reader :verified
 
     def initialize(json)
-      @id = json['vulnID']
+      @id = json['nexVulnID']
+      @console_id = json['vulnID']
       @title = json['title']
       @cvss_vector = json['cvssBase']
       @cvss_score = json['cvssScore']
@@ -274,6 +279,7 @@ module Nexpose
       @instances = json['vulnInstanceCount']
       @exploit = json['mainExploit']
       @malware = json['malwareCount']
+      @verified = DateTime.iso8601(json['verifiedDate'].slice(0, 15)).to_time if json['verifiedDate']
     end
   end
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: nexpose
 version: !ruby/object:Gem::Version
-  version: 0.5.6
+  version: 0.6.0
 platform: ruby
 authors:
 - HD Moore
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-11-21 00:00:00.000000000 Z
+date: 2013-12-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: librex
@@ -105,7 +105,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.0.3
+rubygems_version: 2.1.11
 signing_key: 
 specification_version: 4
 summary: Ruby API for Rapid7 Nexpose